Regulatory and government guidance addressing AI agents across jurisdictions.
19 resources
European Commission hub page for Regulation 2024/1689 (EU AI Act), linking to the official text, implementing acts, Commission guidelines, AI Office activities, and FAQs. Primary reference for agent developers assessing obligations under the Act.
Nannini et al. propose a compliance architecture for AI agent providers under the EU AI Act, mapping Articles 9-15 (risk management, data, transparency, oversight, accuracy, resilience) to concrete technical controls suitable for tool-using, multi-step agents.
Spanish Data Protection Agency guide analysing agentic AI under GDPR and Spanish law, covering lawful basis, automated decision-making under Article 22, data minimisation across tool calls, DPIAs, and controller/processor allocation for agent chains.
Gardhouse, Oueslati, and Kolt analyse regulatory options for AI agents under existing and emerging law, comparing extensions of the EU AI Act, sectoral rules, liability regimes, and standalone agent regulation, with a policy-tool decision matrix.
Melanie Fink's legal analysis of Article 14 EU AI Act human-oversight obligations applied to agentic systems. Argues the requirement of effective oversight constrains autonomy levels and mandates interruptibility, interpretability, and overseer competence.
Oueslati and Staes-Polet (Future Society) paper on governing AI agents under the EU AI Act, identifying where agents fall under GPAI, high-risk, and prohibited-practice provisions. Recommends Commission guidelines and AI Office actions to close gaps.
Lloyd Jones (European Law Blog) analyses tool-sovereignty problems under the EU AI Act - which actor bears Article 16 provider duties when agents autonomously select, chain, and configure external tools at runtime.
Keivan Navaie (IAPP) article on engineering GDPR compliance into agents, covering purpose limitation across tool calls, data subject rights over agent memory, automated-decision protections, and accountability records for multi-step autonomous processing.
Future of Privacy Forum analysis of data-protection issues raised by AI agents across major regimes (GDPR, US state laws, APEC CBPR). Covers consent models, controller allocation, profiling, and cross-border transfers when agents act autonomously.
Baker McKenzie summary of Singapore IMDA's Model Governance Framework for Agentic AI launched in January 2026. Covers the five-dimension framework, its relationship to prior AI guidance, and practical implications for deployers operating in Singapore.
Singapore IMDA hub page consolidating the country's AI activity: Model AI Governance Framework, Companion Guide on Securing AI, AI Verify testing, agentic AI framework, and sector-specific sandboxes. Primary entry point for IMDA AI resources.
Anderson Mori & Tomotsune summary of Japan METI's AI Guidelines for Business v1.1, which consolidate earlier AI principles and add expectations for developers, providers, and users of AI systems, including emerging guidance for agentic deployments.
Australia's Voluntary AI Safety Standard with ten guardrails covering accountability, risk management, data governance, testing, transparency, human oversight, contestability, supply-chain due diligence, records, and stakeholder engagement. Applicable to agent deployments.
DISR introductory companion to the Voluntary AI Safety Standard explaining policy context, target audience (Australian organisations deploying AI), and how to use the ten guardrails as an interim voluntary baseline before mandatory high-risk rules.
Treasury Board of Canada's Directive on Automated Decision-Making governing federal use of automated systems, including agent-driven workflows. Requires Algorithmic Impact Assessments, transparency notices, quality assurance, and human recourse scaled to assessed impact levels I-IV.
Kim & Chang summary of Korea PIPC's generative AI privacy guidelines setting expectations for lawful basis, training-data handling, data subject rights, and security measures when developing or deploying generative AI, including agentic applications.
India's MeitY AI Governance Guidelines issued under the IndiaAI Mission, proposing a principle-based framework covering accountability, transparency, fairness, safety, and privacy for AI developers and deployers, with sector-specific implementation guidance and expected standards.
IAPP summary of Spain AESIA's supervision framework as Spain's lead AI regulator under the EU AI Act. Covers AESIA's role, planned guidance, sandbox programme, and coordination with the AEPD on agent-adjacent issues.
Gornitzky summary of the Israeli Privacy Protection Authority's AI guidelines clarifying how the Privacy Protection Law applies to AI systems, including notice duties, lawful basis, automated decision transparency, and vendor obligations relevant to agent deployments.